git.ipfire.org Git - thirdparty/suricata-verify.git/log
Victor Julien [Thu, 9 Feb 2023 16:39:01 +0000 (17:39 +0100)]
tests: disable bug 5198
Needs Suricata fix tracked in 5836.
Victor Julien [Thu, 9 Feb 2023 15:41:17 +0000 (16:41 +0100)]
tests: add test for bug 3286
Victor Julien [Tue, 7 Feb 2023 21:44:40 +0000 (22:44 +0100)]
tests: fix smb test for 6.0.x
Philippe Antoine [Thu, 2 Feb 2023 15:57:01 +0000 (16:57 +0100)]
framework: explicit utf-8 encoding for reading json
As the default encoding is platform dependent
Victor Julien [Sun, 22 Jan 2023 09:37:35 +0000 (10:37 +0100)]
tests: smb2 file sha logging test
Jason Ish [Tue, 31 Jan 2023 22:02:49 +0000 (16:02 -0600)]
github-ci: only run suricata-verify once on Ubuntu
On Ubuntu verify was being run once with the output dir in tree, and
another time elsewhere. Instead, on Ubuntu just run once with --outdir,
and run on Alma without --outdir to cover both cases and save some time.
Jason Ish [Tue, 31 Jan 2023 22:00:55 +0000 (16:00 -0600)]
github-ci: update checkout action to v3
Jeff Lucovsky [Sun, 4 Sep 2022 12:23:55 +0000 (08:23 -0400)]
tests/log: Verify bug 5198
This issue requires an ASAN build -- it doesn't reproduce without ASAN.
Issue: 5198
Jeff Lucovsky [Mon, 18 May 2020 14:08:50 +0000 (10:08 -0400)]
tests/bsize Add test cases for bsize
This commit adds several test cases for the `bsize` keyword.
These tests apply to Suricata 7.0.x and newer.
Juliana Fajardini [Thu, 19 Jan 2023 14:58:10 +0000 (11:58 -0300)]
tests: test midstream w midstream exception policy
Related to
Bug #5765
Jason Ish [Fri, 27 Jan 2023 04:57:50 +0000 (22:57 -0600)]
test: test logging TLS dates less than 1970
Issue: 5817
Haleema Khan [Fri, 27 Jan 2023 01:36:32 +0000 (06:36 +0500)]
ttl: add tests for prefilter keyword
Ticket #5800
Jason Ish [Thu, 26 Jan 2023 16:24:57 +0000 (10:24 -0600)]
test: configuration file includes
Test configuration file includes that also include the new fully
qualified name overrides.
Pay attention to our "_" to "-" translation which should not happen for
variables.
Jason Ish [Fri, 20 Jan 2023 22:26:04 +0000 (16:26 -0600)]
tests/ftp: add checks for too long alerts
Related issue: 5235
Juliana Fajardini [Mon, 12 Dec 2022 22:38:29 +0000 (19:38 -0300)]
tests: fix bad http host rule tests
The test.yaml files were missing the command set to compare eve.json
output and to run without a pcap file, therefore being simply skipped
for lack of a pcap file.
Also took the opportunity to make these compatible with new error
message formats for Suricata 7.
Test 1 also had a typo in the expected message to be checked, making it
fail.
Jeff Lucovsky [Fri, 16 Dec 2022 14:31:34 +0000 (09:31 -0500)]
decode: Tests for unknown/arp counters
Issue: 5761
This commit adds tests for decode counters which are new
- decode.arp
- decode.unknown_ethertype
Jason Ish [Wed, 30 Nov 2022 16:15:11 +0000 (10:15 -0600)]
test: opcode logging and alert
Victor Julien [Mon, 30 Jan 2023 17:04:19 +0000 (18:04 +0100)]
tests: update exception policy for new IPS default
Victor Julien [Mon, 30 Jan 2023 13:17:55 +0000 (14:17 +0100)]
udp: improve strict/non-strict checks for 6
Shivani Bhardwaj [Mon, 30 Jan 2023 12:24:20 +0000 (17:54 +0530)]
run.py: fix version comparison checks
If no minor or patch version was provided, it was set to 0 hence passing
the check for "not None". Fix that by setting the defaults to None
instead of 0 for the equal to check.
Shivani Bhardwaj [Fri, 20 Jan 2023 07:48:43 +0000 (13:18 +0530)]
tcp: add test for bug 5379
Shivani Bhardwaj [Wed, 4 Jan 2023 07:20:24 +0000 (12:50 +0530)]
udp: add tests for bug 5379
Shivani Bhardwaj [Sat, 12 Nov 2022 08:34:14 +0000 (14:04 +0530)]
pcre-invalid-01: update shell check min-version
Shivani Bhardwaj [Wed, 2 Nov 2022 19:51:53 +0000 (01:21 +0530)]
run.py: allow version tests in shell checks
Victor Julien [Fri, 27 Jan 2023 15:55:00 +0000 (16:55 +0100)]
tests: add frame ips test
Victor Julien [Fri, 27 Jan 2023 13:38:30 +0000 (14:38 +0100)]
tests: improve frame gap tests
Add detection.
Victor Julien [Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)]
frames: sip test update
Jason Ish [Wed, 18 Jan 2023 18:23:12 +0000 (12:23 -0600)]
pcap-log: fix tests for issue 5374
Suricata 7.0-dev will now use the time of the start packet for pcap
logging when reading from a file like 6.0 did.
Issue: 5374
Philippe Antoine [Tue, 6 Dec 2022 13:28:48 +0000 (14:28 +0100)]
Adds test about smb ntlmssp arbitrary order
Ticket: #5258
Philippe Antoine [Thu, 15 Sep 2022 18:58:39 +0000 (20:58 +0200)]
test: update warning about bad hex
To reflect the full content string
Victor Julien [Sun, 8 Jan 2023 06:43:59 +0000 (07:43 +0100)]
tests: update frames for stream frames
Victor Julien [Sun, 8 Jan 2023 06:38:33 +0000 (07:38 +0100)]
tests: fix tcp tests being too strict on tcp objects
Victor Julien [Thu, 22 Dec 2022 18:17:47 +0000 (19:17 +0100)]
tests: add rules for flow drops
Victor Julien [Thu, 29 Sep 2022 08:50:25 +0000 (10:50 +0200)]
tests: tls nom7 updates
Victor Julien [Mon, 26 Sep 2022 17:12:22 +0000 (19:12 +0200)]
tests: tls updates for 6 backports
Victor Julien [Thu, 1 Dec 2022 19:33:26 +0000 (20:33 +0100)]
output: fixups for output changes
Victor Julien [Thu, 15 Dec 2022 10:03:20 +0000 (11:03 +0100)]
tests: limit rfb community id check to 7
Victor Julien [Sat, 10 Dec 2022 19:01:30 +0000 (20:01 +0100)]
tests: fix grep for openbsd
Victor Julien [Sat, 10 Dec 2022 14:59:52 +0000 (15:59 +0100)]
tests: fix pcap for openbsd
Victor Julien [Sat, 10 Dec 2022 11:01:47 +0000 (12:01 +0100)]
tests: fix bug 4376 for openbsd
Jason Ish [Wed, 7 Dec 2022 21:34:46 +0000 (15:34 -0600)]
createst: rename add-version to simply version
This is a more consistent mapping to the documented name in test.yaml.
Also add --cfg to the README which was missing.
Jason Ish [Wed, 7 Dec 2022 21:10:10 +0000 (15:10 -0600)]
createst: document --features
Haleema Khan [Fri, 21 Oct 2022 01:46:46 +0000 (06:46 +0500)]
createst: Commandline param to specify required features
Feature: #4061
Haleema Khan [Mon, 24 Oct 2022 15:05:32 +0000 (20:05 +0500)]
detect-bytemath: add tests
Ticket: #5589
Jason Ish [Thu, 17 Nov 2022 22:01:50 +0000 (16:01 -0600)]
template tests: update for removal of C templates
In 7, the rust based template parser is simply template.
Philippe Antoine [Wed, 30 Nov 2022 15:28:14 +0000 (16:28 +0100)]
rfb: adds a check for community_id field in a rfb event
David Beckett [Wed, 16 Nov 2022 18:32:01 +0000 (18:32 +0000)]
tests/http2: Add tests for HTTP/2 decompression bug
7.0.0-beta1 hits anomaly, failed_decompression
Philippe Antoine [Mon, 28 Nov 2022 20:54:53 +0000 (21:54 +0100)]
smtp: fix test counting empty new lines
Victor Julien [Sat, 26 Nov 2022 14:31:17 +0000 (15:31 +0100)]
tests: issue 5223 for 6
Victor Julien [Sat, 26 Nov 2022 06:58:20 +0000 (07:58 +0100)]
tests: smb2 async for 6.0.x
Victor Julien [Fri, 25 Nov 2022 16:31:43 +0000 (17:31 +0100)]
tests: add tests for bug 5633
Philippe Antoine [Wed, 23 Nov 2022 07:56:47 +0000 (08:56 +0100)]
smb2: fixes test about smb events count
Philippe Antoine [Tue, 22 Nov 2022 20:45:52 +0000 (21:45 +0100)]
Adds test about smb2 async read response
Philippe Antoine [Fri, 23 Sep 2022 12:08:54 +0000 (14:08 +0200)]
framework: utf-8 validation in test stdout/stderr
Philippe Antoine [Thu, 15 Sep 2022 08:59:50 +0000 (10:59 +0200)]
framework: adds a timeout of 5 minutes per test
Victor Julien [Tue, 21 Dec 2021 09:07:01 +0000 (10:07 +0100)]
tests: add tests for negated protocol matching
Philippe Antoine [Fri, 28 Oct 2022 20:09:45 +0000 (22:09 +0200)]
quic: adds signature for parsing check
Philippe Antoine [Thu, 3 Nov 2022 10:38:36 +0000 (11:38 +0100)]
smtp: more valid SMTP for protocol-changed test
That is one server banner, plus one response per request
Jeff Lucovsky [Wed, 10 Aug 2022 12:00:22 +0000 (08:00 -0400)]
test/rules: Update ETOpen rules
Issue: 2982
During 2982 development, an issue with some rules in the ETOpen ruleset
was discovered and reported to Proofpoint.
This commit updates the ETOpen rules containing the fixes for the
reported issue which manifested in 2 rules: sids 2037001 and 2035521.
Jeff Lucovsky [Tue, 25 Jan 2022 19:14:50 +0000 (14:14 -0500)]
test/yaml: Improve YAML parsing error messages
Without this commit, a YAML syntactic error is silently ignored. This
patch displays the YAML exception, if any, that occurs while loading the
YAML config file.
Jeff Lucovsky [Sat, 22 Jan 2022 14:33:50 +0000 (09:33 -0500)]
tests/dsize Suricata version 7 and later tests
This commit adds a test for Suricata 7 and later with the new dsize
validation logic. A new error message indicating the actual and expected
dsize value is emitted when there's a mismatch.
Jeff Lucovsky [Fri, 21 Jan 2022 15:35:11 +0000 (10:35 -0500)]
general: Typo fixup
Jeff Lucovsky [Sat, 13 Feb 2021 15:36:33 +0000 (10:36 -0500)]
tests: Update to use modified error message
Jeff Lucovsky [Sat, 13 Feb 2021 15:36:11 +0000 (10:36 -0500)]
tests: Add test case for 2982
Victor Julien [Tue, 1 Nov 2022 09:12:03 +0000 (10:12 +0100)]
tests: update pcre test for new output
Disable on 6 until we can do version checks per shell check.
Juliana Fajardini [Thu, 24 Feb 2022 19:31:44 +0000 (19:31 +0000)]
createst: add arg for setting midstream true
With this, one can pass '--midstream' and this will add that as a test
argument and write it to test.yaml. Default is still midstream false.
Juliana Fajardini [Wed, 7 Sep 2022 19:38:12 +0000 (16:38 -0300)]
tests: add test for pgsql out of order params bug
StartupMessages for pgsql have a series of parameters that may show up
in any order, so let's make sure we can indeed parse them if, for
instance, user, which is a mandatory parameter, isn't the first to be
seen in the list.
Related to
Bug #5524
Juliana Fajardini [Wed, 7 Sep 2022 19:11:44 +0000 (16:11 -0300)]
tests/pgsql: adjust to new startup message format
With the pgsql improving, we made database an optional parameter (as it
is, according to the documentation). Then the tests had to be updated.
Jason Ish [Tue, 4 Oct 2022 22:02:31 +0000 (16:02 -0600)]
tests: add tests for real bittorrent-dht traffic
Modupe Falodun [Tue, 1 Mar 2022 23:06:21 +0000 (00:06 +0100)]
detect-bytetest: add tests
Task: 4911
Juliana Fajardini [Wed, 6 Jul 2022 19:35:12 +0000 (16:35 -0300)]
readme: update createst explanation, add examples
There were optional arguments missing in the usage shown, as well as in
the list with explanations about possible arguments.
Juliana Fajardini [Thu, 24 Feb 2022 20:17:47 +0000 (20:17 +0000)]
createst: fix typo, update copyright year
Shivani Bhardwaj [Mon, 27 Jun 2022 10:25:38 +0000 (15:55 +0530)]
createst: add option for custom suricata.yaml
Alice Akaki [Wed, 26 Oct 2022 02:42:12 +0000 (22:42 -0400)]
detect-icmp-seq: add test
Task: #5597
Haleema Khan [Sat, 22 Oct 2022 03:53:55 +0000 (08:53 +0500)]
detect-itype: add tests
Ticket: #5590
Haleema Khan [Fri, 21 Oct 2022 21:06:02 +0000 (02:06 +0500)]
tests: add test for issue 4751
Ticket: #4751
Alice Akaki [Wed, 19 Oct 2022 04:54:02 +0000 (00:54 -0400)]
createst: add the add-version param to specify Suricata version
Feature #4059
Eric Leblond [Sun, 19 Jun 2022 11:19:47 +0000 (13:19 +0200)]
tests: add ip dataset loading test
Eric Leblond [Sun, 19 Jun 2022 11:08:18 +0000 (13:08 +0200)]
tests: add ipv6 dataset test
Also this tests ip.src keyword
Eric Leblond [Sun, 19 Jun 2022 11:03:13 +0000 (13:03 +0200)]
tests: add ipv4 set save test
Shivani Bhardwaj [Fri, 7 Oct 2022 04:44:09 +0000 (10:14 +0530)]
tests: add test for issue 5223
Philippe Antoine [Fri, 23 Sep 2022 09:31:52 +0000 (11:31 +0200)]
Adds check about flow.age keyword
Sascha Steinbiss [Thu, 22 Sep 2022 14:11:19 +0000 (16:11 +0200)]
add test for extended security ipopts
Victor Julien [Thu, 20 Oct 2022 05:18:00 +0000 (07:18 +0200)]
tests: update nfs for mac logging fix
Victor Julien [Sat, 15 Oct 2022 14:56:14 +0000 (16:56 +0200)]
tests: various tag rules
Victor Julien [Sat, 15 Oct 2022 09:50:06 +0000 (11:50 +0200)]
tests: add suppress tests
Victor Julien [Sat, 15 Oct 2022 06:07:10 +0000 (08:07 +0200)]
tests: add rate_filter tests
Eric Leblond [Sun, 25 Sep 2022 17:39:59 +0000 (19:39 +0200)]
bug78: relax flow checking
Eric Leblond [Mon, 27 Jun 2022 04:17:31 +0000 (06:17 +0200)]
tests: add tests for ntlmssp keywords
Victor Julien [Wed, 21 Sep 2022 07:39:36 +0000 (09:39 +0200)]
tests: add http file with gap test
Victor Julien [Sat, 17 Sep 2022 12:30:17 +0000 (14:30 +0200)]
files: update for tx-files work
Philippe Antoine [Tue, 26 Jul 2022 14:28:42 +0000 (16:28 +0200)]
filestore: do not enforce a warning id
Victor Julien [Thu, 29 Sep 2022 08:50:25 +0000 (10:50 +0200)]
tests: tls nom7 updates
Victor Julien [Mon, 26 Sep 2022 08:37:48 +0000 (10:37 +0200)]
tests: flowbit bad rules handling for 6.0.7
Jason Ish [Thu, 22 Sep 2022 18:14:33 +0000 (12:14 -0600)]
incomplete-hex: check --init-errors-fatal
For version 6, non-fatal.
For version 7, fatal.
Jason Ish [Thu, 22 Sep 2022 18:07:34 +0000 (12:07 -0600)]
incomplete hex: test with strict content keyword
With strict content parsing, -T should fail out for version 6 and 7.
Jason Ish [Thu, 22 Sep 2022 18:03:09 +0000 (12:03 -0600)]
incomplete-hex: -T tests for version 6 and 7
For version 7, incomplete hex should lead to a -T failure. For
version 6, -T should pass.
Jason Ish [Tue, 20 Sep 2022 18:04:46 +0000 (12:04 -0600)]
test-bad-hex-rule-1: update output for Suricata 6.0.7
https://redmine.openinfosecfoundation.org/issues/5546
Victor Julien [Mon, 26 Sep 2022 08:33:56 +0000 (10:33 +0200)]
tests: limit tls fragmentation test to 7
Victor Julien [Thu, 18 Aug 2022 09:29:14 +0000 (11:29 +0200)]
tests: add test with sslv2 start